From 0123d8c4c29fc807d5c877537d1947da6e57e2bf Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Sat, 16 Jan 2021 10:06:05 -0800 Subject: [PATCH 1/3] matrix-dendrite: init at 0.3.11 --- pkgs/servers/matrix-dendrite/default.nix | 23 +++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 pkgs/servers/matrix-dendrite/default.nix diff --git a/pkgs/servers/matrix-dendrite/default.nix b/pkgs/servers/matrix-dendrite/default.nix new file mode 100644 index 00000000000..708a1e6f65e --- /dev/null +++ b/pkgs/servers/matrix-dendrite/default.nix @@ -0,0 +1,23 @@ +{ lib, buildGoModule, fetchFromGitHub}: + +buildGoModule rec { + pname = "matrix-dendrite"; + version = "0.3.11"; + + src = fetchFromGitHub { + owner = "matrix-org"; + repo = "dendrite"; + rev = "v${version}"; + sha256 = "15xqd4yhsnnpz5n90fbny9i8lp7ki2z3fbpbd8cvsp49347rm483"; + }; + + vendorSha256 = "1l1wydvi0yalas79cvhrqg563cvs57hg9rv6qnkw879r6smb2x1n"; + + meta = with lib; { + homepage = "https://matrix.org"; + description = "Dendrite is a second-generation Matrix homeserver written in Go!"; + license = licenses.asl20; + maintainers = teams.matrix.members; + platforms = platforms.unix; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 80373d50963..e0b35e8d4aa 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6097,6 +6097,8 @@ in inherit (darwin.apple_sdk.frameworks) Security; }; + matrix-dendrite = callPackage ../servers/matrix-dendrite { }; + /* Python 3.8 is currently broken with matrix-synapse since `python38Packages.bleach` fails (https://github.com/NixOS/nixpkgs/issues/76093) */ matrix-synapse = callPackage ../servers/matrix-synapse { /*python3 = python38;*/ }; From f03f26bf8f59357e54658cf66a0c1a1049579140 Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Sat, 16 Jan 2021 11:09:00 -0800 Subject: [PATCH 2/3] maintainers: add mjlbach to the matrix team --- maintainers/team-list.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix index 1318ac2a586..66cddb966d7 100644 --- a/maintainers/team-list.nix +++ b/maintainers/team-list.nix @@ -135,6 +135,7 @@ with lib.maintainers; { mguentner ekleog ralith + mjlbach ]; scope = "Maintain the ecosystem around Matrix, a decentralized messenger."; }; From ff43bbe53e370fa1072e952b89d0a32fb1dfda3a Mon Sep 17 00:00:00 2001 From: Michael Lingelbach Date: Sat, 16 Jan 2021 13:57:59 -0800 Subject: [PATCH 3/3] matrix-dendrite: add nixos module --- nixos/modules/module-list.nix | 1 + .../modules/services/misc/matrix-dendrite.nix | 181 ++++++++++++++++++ 2 files changed, 182 insertions(+) create mode 100644 nixos/modules/services/misc/matrix-dendrite.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index dd6fa483281..11d55e29a82 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -509,6 +509,7 @@ ./services/misc/mame.nix ./services/misc/matrix-appservice-discord.nix ./services/misc/matrix-appservice-irc.nix + ./services/misc/matrix-dendrite.nix ./services/misc/matrix-synapse.nix ./services/misc/mautrix-telegram.nix ./services/misc/mbpfan.nix diff --git a/nixos/modules/services/misc/matrix-dendrite.nix b/nixos/modules/services/misc/matrix-dendrite.nix new file mode 100644 index 00000000000..b719df29c5a --- /dev/null +++ b/nixos/modules/services/misc/matrix-dendrite.nix @@ -0,0 +1,181 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.services.matrix-dendrite; + settingsFormat = pkgs.formats.yaml { }; + configurationYaml = settingsFormat.generate "dendrite.yaml" cfg.settings; + workingDir = "/var/lib/matrix-dendrite"; +in +{ + options.services.matrix-dendrite = { + enable = lib.mkEnableOption "matrix.org dendrite"; + httpPort = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 8008; + description = '' + The port to listen for HTTP requests on. + ''; + }; + httpsPort = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = null; + description = '' + The port to listen for HTTPS requests on. + ''; + }; + tlsCert = lib.mkOption { + type = lib.types.nullOr lib.types.path; + example = "/var/lib/matrix-dendrite/server.cert"; + default = null; + description = '' + The path to the TLS certificate. + + + nix-shell -p matrix-dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key" + + ''; + }; + tlsKey = lib.mkOption { + type = lib.types.nullOr lib.types.path; + example = "/var/lib/matrix-dendrite/server.key"; + default = null; + description = '' + The path to the TLS key. + + + nix-shell -p matrix-dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key" + + ''; + }; + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + example = "/var/lib/matrix-dendrite/registration_secret"; + default = null; + description = '' + Environment file as defined in + systemd.exec5 + . + Secrets may be passed to the service without adding them to the world-readable + Nix store, by specifying placeholder variables as the option value in Nix and + setting these variables accordingly in the environment file. Currently only used + for the registration secret to allow secure registration when + client_api.registration_disabled is true. + + + # snippet of dendrite-related config + services.matrix-dendrite.settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; + + + + # content of the environment file + REGISTRATION_SHARED_SECRET=verysecretpassword + + + Note that this file needs to be available on the host on which + dendrite is running. + ''; + }; + settings = lib.mkOption { + type = lib.types.submodule { + freeformType = settingsFormat.type; + options.global = { + server_name = lib.mkOption { + type = lib.types.str; + example = "example.com"; + description = '' + The domain name of the server, with optional explicit port. + This is used by remote servers to connect to this server. + This is also the last part of your UserID. + ''; + }; + private_key = lib.mkOption { + type = lib.types.path; + example = "${workingDir}/matrix_key.pem"; + description = '' + The path to the signing private key file, used to sign + requests and events. + + + nix-shell -p matrix-dendrite --command "generate-keys --private-key matrix_key.pem" + + ''; + }; + trusted_third_party_id_servers = lib.mkOption { + type = lib.types.listOf lib.types.str; + example = [ "matrix.org" ]; + default = [ "matrix.org" "vector.im" ]; + description = '' + Lists of domains that the server will trust as identity + servers to verify third party identifiers such as phone + numbers and email addresses + ''; + }; + }; + options.client_api = { + registration_disabled = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Whether to disable user registration to the server + without the shared secret. + ''; + }; + }; + }; + default = { }; + description = '' + Configuration for dendrite, see: + + for available options with which to populate settings. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [{ + assertion = cfg.httpsPort != null -> (cfg.tlsCert != null && cfg.tlsKey != null); + message = '' + If Dendrite is configured to use https, tlsCert and tlsKey must be provided. + + nix-shell -p matrix-dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key" + ''; + }]; + + systemd.services.matrix-dendrite = { + description = "Dendrite Matrix homeserver"; + after = [ + "network.target" + ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "simple"; + DynamicUser = true; + StateDirectory = "matrix-dendrite"; + WorkingDirectory = workingDir; + RuntimeDirectory = "matrix-dendrite"; + RuntimeDirectoryMode = "0700"; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; + ExecStartPre = + if (cfg.environmentFile != null) then '' + ${pkgs.envsubst}/bin/envsubst \ + -i ${configurationYaml} \ + -o /run/matrix-dendrite/dendrite.yaml + '' else '' + ${pkgs.coreutils}/bin/cp ${configurationYaml} /run/matrix-dendrite/dendrite.yaml + ''; + ExecStart = lib.strings.concatStringsSep " " ([ + "${pkgs.matrix-dendrite}/bin/dendrite-monolith-server" + "--config /run/matrix-dendrite/dendrite.yaml" + ] ++ lib.optionals (cfg.httpPort != null) [ + "--http-bind-address :${builtins.toString cfg.httpPort}" + ] ++ lib.optionals (cfg.httpsPort != null) [ + "--https-bind-address :${builtins.toString cfg.httpsPort}" + "--tls-cert ${cfg.tlsCert}" + "--tls-key ${cfg.tlsKey}" + ]); + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Restart = "on-failure"; + }; + }; + }; + meta.maintainers = lib.teams.matrix.members; +}